Trend Micro has just
released a new version of their anti virus for S60 3rd Edition devices. As you may know, S60 3rd Edition is based on
Symbian OS 9. One of the new features on this new operating system is
Platform Security (PlatSec), which is supposed to protect our devices for malicious programs.
One aspect of these changes is the platform security enhancements. These represent an evolution of the existing perimeter security model of Symbian OS and help ensure the stability of the platform, providing even greater protection against malicious or badly-implemented programs.
If PlatSec is designed to protect us against malicious programs, do we need an anti virus application? Until today, I haven’t heard a virus that attacks Symbian OS 9 devices yet. If you check
virus definition database from Trend Micro web site, there are some viruses for Symbian OS already, but all of them attack pre-Symbian OS 9 devices. There is a Java malware application, called
J2ME_REDBROW.A that may attack Symbian OS 9 devices, but I am not really sure about that.
*mobile.antonypranata.com/wp-content/uploads/2007/03/windowslivewriterdoweneedantivirusforsymbianos9devices-1002trendmicro12.png *mobile.antonypranata.com/wp-content/uploads/2007/03/windowslivewriterdoweneedantivirusforsymbianos9devices-1002trendmicro2.png
Can virus attack Symbian OS devices? I am not a security expert, but I will give my opinion based on my experience doing Symbian OS 9 development. Since the introduction of PlatSec, all applications that use sensitive features of the device need to be signed. For example, an application that is capable of reading contacts from the phone book must be signed. Furthermore, there are some features that need device manufacturer’s approval. For example, an application that tries to access protected folders on the device needs to get manufacturer’s approval. Protected folders here include executable folder and application’s private folder.
What does signing mean? We can look it from two different things here. Firstly, signing means that the developer of an application can be verified. Secondly, signing also guarantees that the application on the user’s side is the same as the one from the developer. It other words, nobody has ever modified the application, for example by adding malicious behavior. Who is doing signing? There are several
root certificates installed on Symbian OS 9 devices that can be used to verify application’s signature. Normally, Symbian’s root certificates and device manufacturer’s certificates, like Nokia, are available on the device. It means an application can be signed by Symbian or manufacturer (see also
SymbianSigned.com for more information signing).
If Platform Security requires signing, can a virus get into a device? A virus that does not use sensitive features of the device, which means do not need signing, may get into a device easily. For example, a virus that displays annoying messages. Unfortunately, a virus that makes a phone can get into a device easily too because it does not need signing. How about dangerous viruses? There are still possibilities for them to get into a device. Someone must find a way to 1) sign the virus; or 2) install a root certificate to the user’s device that can verify virus’ signature. Both of them are not trivial tasks.
There is another possibility for advanced users to get infected by trojan. They may sign trojan themselves using developer certificates. It sounds silly, but it may happen that someone install trojan that is signed by himself. Why? There are some developers that release
distribute unsigned version of their applications. How do we sign them? We can sign them using developer certificates that are bound to our devices (see also
these instructions on Mobile9).
Back to the original question, do we need anti virus on Symbian OS 9 devices? Personally, I am not too worried about virus because of the reasons that I have explained above. As long as we always install application from trusted sources, we should be fine. However, if you are a little paranoid or don’t really know how to differentiate between “trusted” and “unknown” sources, having an anti virus may be a good idea.
What I find more useful is actually anti-spam application, which is part of Trend Micro Mobile Security too. It protects us against spam that may come from SMS, for example. This may not be a critical issue either because network operators should be aware of this threat. They should have “something” that prevents their customers from receiving spams, but who knows… *mobile.antonypranata.com/wp-includes/images/smilies/icon_smile.gif
